OPNsense Forum
English Forums => Web Proxy Filtering and Caching => Topic started by: Steve28 on March 27, 2021, 03:38:52 pm
-
I have a publicly exposed service that I want to prompt me for basic auth if I am connecting from outside my local LAN. I accomplished this by:
- Make a condition for Source IP matches Specified IP, with 192.168.1.0/24, and negate condition checked
- Make a rule that if the above condition is true, then execute function http-request auth (from the "Execute Function" pulldown menu)
- Apply that rule to the backend
- In user management, create the users I want to be able to authenticate
That's it - it's worked fine for well over a year... then sometime in recent past, it stopped. I get requested for authentication if outside my LAN, but no users will work. So I go investigate the config file and there are no users in there.
So I go to Settings->Global Options->Custom options and I add:
userlist users
user me insecure-password passwordStill nothing.
Did something change recently? What am I missing here?
-
Hi Steve,
I don't know if this issue is solved.
Just want to provide my fresh newbie knowledge ;)
As I understand it the custom options should fade away because the developers want everthing in order for the future and every option directly configureable though individual options in the GUI.
In the case of HAProxy it has its own User Management (now).
It can be found in Services => HAProxy => Settings => User Management
In case you need further assistance please let me know. I have a working configuration with this authentication scenario.
Kind regards,
Thomas
-
@Thomas_L When I go to the User Management tab and enter users there they do not appear in the Config Export file at all. They seem to be completely ignored. That is, entering them there, they cannot be used for auth at all. This USED to work, but one of the recent updates it broke (maybe with 21.1). However, if I enter the users in the bypass field I can use as normal. If you wouldn't mind sharing what you do that would be great!